Hi,
I've had my EdgeRouter X (SFP) working on my cable connection (with a static IP range) perfectly fine.
But last week I moved and now I have a single IP with a fiber connection, so I got rid of the modem. But I have some issues getting hairpin to work with my port forward rules.
The port forwardings do work from external locations, but every host on switch0 is unable to connect through the external IP/port to the server.
Here is my config (I've disabled the firewall to make sure there are no issues in that for now):
interfaces {
    ethernet eth0 {
        description "XS4ALL Internet (eth)"
        duplex auto
        mtu 1508
        poe {
            output off
        }
        speed auto
        vif 6 {
            description "XS4ALL INTERNET (ppoe)"
            mtu 1508
            pppoe 0 {
                default-route auto
                firewall {
                    in {
                    }
                    local {
                    }
                }
                mtu 1500
                name-server auto
                password xs4all
                user-id FB7490@xs4all.nl
            }
        }
    }
    ethernet eth1 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        poe {
            output 24v
        }
        speed auto
    }
    ethernet eth5 {
        duplex auto
        speed auto
    }
    loopback lo {
    }
    switch switch0 {
        address 192.168.1.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth1 {
            }
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    lan-interface eth2
    lan-interface eth3
    lan-interface eth4
    rule 1 {
        description "server 1"
        forward-to {
            address 192.168.1.20
        }
        original-port 8000-9000,5000-5100,32400
        protocol tcp_udp
    }
    rule 2 {
        description "server 2"
        forward-to {
            address 192.168.1.20
        }
        original-port 6690
        protocol tcp_udp
    }
    wan-interface pppoe0
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LAN {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.20 {
                    stop 192.168.1.243
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 150
            listen-on switch0
        }
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers disable
    }
    nat {
        rule 5010 {
            description "masquerade for WAN"
            log enable
            outbound-interface pppoe0
            protocol all
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    upnp2 {
        listen-on switch0
        nat-pmp disable
        secure-mode disable
        wan eth0
    }
}
system {
    host-name router.domain.tld
    login {
        user username {
            authentication {
                encrypted-password xxxxxxxxx
            }
            full-name "User Name"
            level admin
        }
    }
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone UTC
}
Does anyone have an idea what could be wrong?
Thanks!
Harold